Configuring VNMC Profiles

VNMC Profiles

Cisco VNMC profiles are configurable.

In Cisco VNMC, there is a default profile that exists. Default profiles are system generated and can be modified, but they cannot be deleted. The administrator can add syslog policies, core policies, fault policies, log policies, and the time zone. DNS and NTP policies can be created also. Configured policies can be assigned to the VNMC profile.

In the VNMC profile, there is a pre-configured DNS domain name when the system is configured at boot configuration. That domain is displayed in the Cisco VNMC instance. New DNS domains cannot be created. However the domain name description can be modified.

Cisco VNMC does not support the creation of additional VNMC profiles.

Policies in VNMC Profiles

You can create multiple policies and assign them to the VNMC profile. Policies for the VNMC profile are created and deleted on the VNMC Profile tab. Policies can be assigned to the VNMC profile. VNMC profile uses name resolution to resolve policy assignments. For details, see Name Resolution in a Multi-Tenant Environment.

The following policies created under root only, in the Device Policies area, will be visible in the VNMC profile:

Core file policy

Fault policy

Logging policy

Syslog policy

Policies created under root are visible to both the VNMC profile and the Device profile.

DNS server, NTP server and domain names can be assigned as inline policies. A time zone setting can also be assigned to the profile.

When the system boots up, the following policies already have existing default policies:

Deleting a Core File Policy from the VNMC Profile

In the General tab, click the core file policy you want to delete, then click Delete.

Step 3

When prompted, confirm the deletion.

Configuring a Fault Policy

Adding a Fault Policy to the VNMC Profile

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Policies > Fault.

Step 2

In the General tab, click Add Fault Policy.

Step 3

In the Add Fault Policy dialog box, provide the information as described in the following table, then click OK:

Field

Description

Name

Fault policy name.

This name can be between 1 and 32 identifier characters. You can use alphanumeric characters including hyphen, underscore, dot, and colon. You cannot change this name after it is created.

Description

Brief policy description.

Flapping Interval

Length of time (in hours, minutes, and seconds) that must elapse before the system allows a fault to change its state.

Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change its state until this amount of time has elapsed since the last state change.

If the condition reoccurs during the flapping interval, the fault returns to the active state. If the condition does not reoccur during the flapping interval, the fault is cleared. What happens at that point depends on the setting in the Clear Faults Retention Action field.

The default flapping interval is ten seconds.

Clear Faults Retention Action

Action to be taken when faults are cleared:

retain—Retain the cleared faults.

delete—Delete fault messages as soon as they are marked as cleared.

Clear Faults Retention Interval

How long the system is to retain cleared fault messages:

Forever—The system retains all cleared fault messages regardless of their age.

Other—The system retains cleared fault message for a specified the length of time. In the spinbox that is displayed when you select this option, enter the length of time (in days, hours, minutes, and seconds) that the system is to retain cleared fault messages.

Editing a Fault Policy for a VNMC Profile

Note

When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Policies > Fault.

Step 2

In the General tab, select the fault policy you want to edit, then click Edit.

Step 3

In the Edit Fault Policy dialog box, modify the fields as needed by using the information in the following table, then click OK.

Field

Description

Name

Policy name (read-only).

Description

Brief policy description.

Flapping Interval

Length of time (in hours, minutes, and seconds) that must elapse before the system allows a fault to change its state.

Flapping occurs when a fault is raised and cleared several times in rapid succession. To prevent this, the system does not allow a fault to change its state until this amount of time has elapsed since the last state change.

If the condition recurs during the flapping interval, the fault returns to the active state. If the condition does not recur during the flapping interval, the fault is cleared. The next action depends on the setting in the Clear Faults Retention Action field.

The default flapping interval is ten seconds.

Clear Faults Retention Action

Available fault retention actions:

retain—The system retains fault messages.

delete—The system deletes fault messages when they are marked as cleared.

Clear Faults Retention Interval

How long the system is to retain cleared fault messages:

Forever—The system retains all cleared fault messages regardless of their age.

Other—The system retains cleared fault message for a specified the length of time. In the spinbox that is displayed when you select this option, enter the length of time (in days, hours, minutes, and seconds) that the system is to retain cleared fault messages.

Deleting a Fault Policy from the VNMC Profile

Note

When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.

In the General tab, select the logging policy you want to delete, then click Delete.

Step 3

When prompted, confirm the deletion.

Configuring Syslog Policy

Adding a Syslog Policy to the VNMC Profile

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Policies > Syslog.

Step 2

In the General tab, click Add Syslog.

Step 3

In the Add Syslog Policy dialog box, provide the information as described in the following table, then click OK.

The syslog message settings that you configure for the VNMC profile apply to VNMC syslog messages only. These settings do not affect other non-VNMC syslog messages.

Field

Description

General Tab

Name

Policy name.

Description

Brief policy description.

Use Emblem Format

Check the check box to use the EMBLEM format for syslog messages.

This option is supported for ASA 1000Vs. It is not supported for VSGs.

Continue if Host is Down

Check the check box to continue logging if the syslog server is down.

This option is supported for ASA 1000Vs. It is not supported for VSGs.

Servers Tab

Add Syslog Server

Click to add a new syslog server.

Syslog Servers table

List of configured syslog servers.

Local Destinations Tab

Console area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: alert, critical, or emergency. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

Monitor area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

File area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

File Name—Name of the file to which messages are logged.

Size (bytes)—Maximum size, in bytes, that the file can reach before the system begins to overwrite the messages.

Buffer area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

Buffer Size (Bytes)—In bytes, the size of the buffer for syslog messages.

Wrap to Flash—Indicates whether or not the buffer contents are saved to flash memory with the buffer wraps (becomes full). Check the check box to save the contents to flash memory if the buffer wraps.

Max File Size in Flash (KB)—Maximum size, in kilobytes, that can be used by the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.

Min Free Flash Size (KB)—Minimum size, in kilobytes, that is allocated for the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.

Editing a Syslog Policy for VNMC Profile

Note

When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Policies > Syslog.

Step 2

In the General tab, select the syslog policy you want to edit, then click Edit.

Step 3

In the Edit Syslog Policy dialog box, update the information as required by using the information in the following table, then click OK.

Field

Description

General Tab

Name

Policy name.

Description

Brief policy description.

Use Emblem Format

Check the check box to use the EMBLEM format for syslog messages.

This option is supported for ASA 1000Vs. It is not supported for VSGs.

Continue if Host is Down

Check the check box to continue logging if the syslog server is down.

This option is supported for ASA 1000Vs. It is not supported for VSGs.

Servers Tab

Add Syslog Server

Click to add a new syslog server.

Syslog Servers table

List of configured syslog servers.

Local Destinations Tab

Console area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: alert, critical, or emergency. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

Monitor area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

File area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

File Name—Name of the file to which messages are logged.

Size (bytes)—Maximum size, in bytes, that the file can reach before the system begins to overwrite the messages.

Buffer area

Admin State—Administrative state of the policy: enabled or disabled.

Level—Message level: emergency, alert, critical, error, warning, notification, information, or debugging. If the Admin State is enabled, select the lowest message level that you want displayed. The system displays that level and above on the console.

Buffer Size (Bytes)—In bytes, the size of the buffer for syslog messages.

Wrap to Flash—Indicates whether or not the buffer contents are saved to flash memory with the buffer wraps (becomes full). Check the check box to save the contents to flash memory if the buffer wraps.

Max File Size in Flash (KB)—Maximum size, in kilobytes, that can be used by the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.

Min Free Flash Size (KB)—Minimum size, in kilobytes, that is allocated for the syslog buffer. This option is enabled if the Wrap to Flash option is enabled.

Deleting a Syslog Policy from a VNMC Profile

Note

When the system boots up, a default policy already exists. The default policy cannot be deleted but can be modified.

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Policies > Syslog.

Step 2

In the General tab, click the syslog policy you want to delete, then click Delete.

In the Add Syslog Server dialog box, provide the information as described in the following table:

Field

Description

Server Type

One of the following server types:

primary

secondary

tertiary

Hostname/IP Address

Hostname or IP address where the syslog file resides.

Severity

One of the following severity levels:

emergencies (0)

alerts (1)

critical (2)

errors (3)

warnings (4)

notifications (5)

information (6)

debugging (7)

Forwarding Facility

One of the following forwarding facilities:

auth

authpriv

cron

daemon

ftp

kernel

local0

local1

local2

local3

local4

local5

local6

local7

lpr

mail

news

syslog

user

uucp

Admin State

Administrative state of the policy: enabled or disabled.

Port

Port to use to send data to the syslog server.

Valid port values are 1025 through 65535 for both TCP and UDP. The default TCP port is 1470. The default UDP port is 514.

Protocol

Protocol to use for this policy: TCP or UDP.

Use Transport Layer Security

Check the check box to use Transport Layer Security.

This option is available only for TCP.

Server Interface

Interface to use to access the syslog server.

Step 5

Click OK in the open dialog boxes.

Editing a Syslog Server for VNMC Profile

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Policies > Syslog.

Step 2

In the General tab, select the syslog policy with the syslog server that you want to edit, then click Edit.

Step 3

In the Edit Syslog Policy dialog box, click the Servers tab.

Step 4

Select the syslog server that you want to edit, then click Edit.

Step 5

In the Edit Syslog Server dialog box, edit the information as required, using the information in the following table:

Name

Description

Server Type

One of the following server types: primary, secondary, or tertiary (read-only).

Hostname/IP Address

Hostname or IP address where the syslog file resides.

Severity

One of the following severity levels:

emergencies (0)

alerts (1)

critical (2)

errors (3)

warnings (4)

notifications (5)

information (6)

debugging (7)

Forwarding Facility

One of the following forwarding facilities:

auth

authpriv

cron

daemon

ftp

kernel

local0

local1

local2

local3

local4

local5

local6

local7

lpr

mail

news

syslog

user

uucp

Admin State

Administrative state of the policy: enabled or disabled.

Port

Port to use to send data to the syslog server.

Valid port values are 1025 through 65535 for both TCP and UDP. The default TCP port is 1470. The default UDP port is 514.

Protocol

Protocol to use: TCP or UDP.

Use Transport Layer Security

Check the check box to use Transport Layer Security.

This option is available only for TCP.

Server Interface

Interface to use to access the syslog server.

This option applies to ASA 1000V only. Enter the data interface name specify in the edge firewall.

Use the device CLI to configure a route through the management interface.

Step 6

Click OK in the open dialog boxes.

Deleting a Syslog Server from a VNMC Profile

Procedure

Step 1

In the Navigation pane, click the Administration tab.

Step 2

In the Navigation pane, click the VNMC Profile subtab.

Step 3

In the Navigation pane, expand root > Advanced > VNMC Policies.

Step 4

In the Navigation pane, click the Syslog node.

Step 5

In the Work pane, click the General tab.

Step 6

On the General tab, click the Add Syslog link.

Step 7

In the Add Syslog dialog box, click the Servers tab.

Step 8

On the Servers tab, click the syslog server you want to delete.

Step 9

Click Delete.

Step 10

In the Confirm dialog box, click Yes.

Configuring the Default Profile

Editing the VNMC Default Profile

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Profile > default.

Step 2

In the General tab, update the information as required:

Field

Description

Name

Default profile name (read-only).

Description

Brief profile description.

Time Zone

Available time zones.

The default time zone is UTC.

Step 3

In the Policy tab, update the information as required:

Field

Description

DNS Servers

Add DNS Server

Click to add a new DNS server.

Delete

Deletes the DNS server selected in the DNS Servers table.

Up and down arrows

Changes the priority of the selected DNS server.

VNMC uses the DNS servers in the order in which they appear in the table.

DNS Servers table

Identifies the DNS servers configured in the system.

NTP Servers

Add NTP Server

Click to add a new NTP server.

Delete

Deletes the NTP server selected in the NTP Servers table.

Up and down arrows

Changes the priority of the selected NTP server.

VNMC uses the NTP servers in the order in which they appear in the table.

NTP Servers table

Identifies the NTP servers configured in the system.

DNS Domains

Edit

Edits the DNS domain selected in the DNS Domains table.

The default DNS domain cannot be edited.

DNS Domains

Identifies the default DNS domain name and domain configured in the system.

Other Options

Syslog

The syslog policies associated with this profile can be selected, added, or edited.

Click the Resolved Policy field to review or modify the specified policy.

Fault

The fault policies associated with this profile can be selected, added, or edited.

Click the Resolved Policy field to review or modify the specified policy.

Core File

The core file policies associated with this profile can be selected, added, or edited.

Click the Resolved Policy field to review or modify the specified policy.

Log File

The log file policies associated with this profile can be selected, added, or edited.

Click the Resolved Policy field to review or modify the specified policy.

Step 4

Click Save.

Configuring a DNS Server

Adding a DNS Server

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Profile > default.

Step 2

Click the Policy tab.

Step 3

In the DNS Servers area, click Add DNS Server.

Step 4

In the Add DNS Server dialog box, enter the DNS server IP address.

You can specify a maximum of four DNS servers.

Step 5

Click Save.

Deleting a DNS Server

Procedure

Step 1

In the Navigation pane, click the Administration tab.

Step 2

In the Navigation pane, click the VNMC Profile subtab.

Step 3

In the Navigation pane, expand root > VNMC Profile.

Step 4

In the Navigation pane, click default.

Step 5

In the Work pane, click the Policy tab.

Step 6

In the DNS Servers area, click the IP address you want to delete.

Step 7

Click the Delete link.

Step 8

In the Confirm dialog box, click Yes.

Step 9

In the Work pane, click Save.

Configuring an NTP Server

Adding an NTP Server

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Profile > default.

Step 2

In the Policy tab, click Add NTP Server.

Step 3

In the Add NTP server dialog box, enter the hostname or IP address of the NTP server.

Note

You can include a maximum of four NTP servers. Use the up and down arrows to arrange the servers from highest to lowest priority, with the highest priority server at the top of the list.

Step 4

Click Save.

Deleting an NTP Server

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Profile > default.

Step 2

Click the Policy tab.

Step 3

In the NTP Servers area, click the server that you want to delete, then click Delete.

Step 4

When prompted, confirm the deletion.

Step 5

Click Save.

Configuring a DNS Domain

Editing a DNS Domain

Caution

Changing the DNS domain will cause a loss of connectivity that results in an error message, your session closing, and then the display of a new VNMC certificate. This situation occurs when the VNMC hostname. VNMC domain name, or both have changed. The VM Manager Extension file must be exported again and installed on vCenter. To continue, accept the VNMC certificate and log into VNMC again.

Procedure

Step 1

Choose Administration > VNMC Profile > root > VNMC Profile > default.

Step 2

Click the Policy tab.

Step 3

In the DNS Domains table, select the domain that you want to edit, then click Edit.

Step 4

In the Edit DNS Domains dialog box, edit the Domain Name field as required, then click OK.